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(54) Secure printing 



(57) Secure printing of print data from a client appli- 
cation residing on a data network to a set top. box which 
has a printer, said set top box residing on a digital cable 
network which has a cable head end for interfacing said 
digital cable network to said data network, wherein print 
data is generated in said client application after which it 



is determined whether a secure communication path ex- 
ists between said client application and said set top box. 
If the secure communication path exists, the print data 
is transmitted from said client application to said set top 
box. The print data is then sent from the set top box to 
the printer for printing. 
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Description 

[0001] The present invention relates to the secure 
transmission of print data generated from an internet ap- 
plication over a cable network to one or more set top 5 
boxes for printing on printers attached to the set top box- 
es. More, specifically, the present invention provides a 
mechanism for an internet client application to generate 
print data and to initiate transmission of the print data 
over a cable network to the set top box of a subscriber 10 
in a secure manner for subsequent printing on the print- 
er attached to the set top box. 

[0002] Generally, the increasing use of the internet 
has resulted in the proliferation of web sites which pro- 
vide various services for access by the home consumer. 15 
For example, many financial institutions, such as banks, 
provide the ability for a consumer to. access a web page 
over the internet and to view financial information relat- 
ed to that specific consumer. It can be appreciated that 
such financial information is confidential and, therefore, 20 
access to such financial information is usually protected 
by some type of security mechanism at the internet cli- ~ 
ent application maintained by the bank. For example, a 
consumer may be required to enter identification data, 
which may include a password in order to access the 2s 
consumer's financial information, jn addition, the inter- 
net client application maintained by the financial institu- 
tion may implement a secure communication protocol 
for the transmission of confidential information to the re- 
questing consumer. The. financial institution example 30 
discussed above is merely one of many internet appli- 
cations that a home consumer may access to obtain in- 
formation related to that specific consumer. Other such 
internet applications include credit card services, utility 
billing, and other billing statements, and merchants .35 
which sell goods and services over the internet. 
[0003] Typically, a home consumer can access these 
internet applications through the use of a home personal 
computer (PC) which is connected to the internet via a 
gateway such as an ISP (internet service provider). In 40 
many instances, an internet client application which is 
maintained by a financial institution, credit card service 
or merchant only allows the consumer to access confi- 
dential information related to that specific consumer, 
and may allow such information to be downloaded from 45 
the internet client application to the consumer's home 
PC. Once downloaded, the confidential information can 
be used by the consumer for printing on a printer at- 
tached to the consumer's home PC, for viewing by the 
consumer on the consumer's home PC, or for use with so 
a PC-based application, such as a financial manage- 
ment application. 

[0004] In addition to the widespread use of home PCs 
to access the internet, there has been a growing use of 
devices known as set top boxes for connecting a com- ss 
mon television to a digital cable network. Typically, the 
digital cable network comprises a digital broadband net- 
work which incorporates digital and analog services 



such as analog and digital television signal broadcasts, 
analog and digital pay-per-view services, digital near 
video on demand, and one and two way real time data 
communication. Such digital cable networks also pro- 
vide services such as web browsing and e-mail by pro- 
viding access to the internet through a proxy between 
the internet and the digital cable network. 
[0005] The typical digital cable network has a cable 
head end which collects value added services for distri- 
bution over the digital cable network, .including television 
stations, pay-per-view television stations, near video on 
demand, web browsing and e-mail. The cable head end 
also implements network control systems which are re- 
quired to manage the distribution and control of the 
aforementioned services over the digital cable network. 
The cable head end of a typical digital cable network 
has the capacity to provide services for as many as one- 
half to one million homes. Through the use of numerous 
hubs, each of which provides service to approximately 
500 to 2,000 homes. The set top box within each home 
communicates with the cable head end through a client/ 
server relationship. The STB (set top box) hosts various 
applications that present the user with the functionality 
offered by the various cable services. The more familiar 
applications provided over such digital cable networks 
are a navigator, an interactive program guide, e-mail, 
and a web browser. In such applications, the STB hosts 
the client software and the cable head end hosts the 
server software. The set top box itself may be one of 
many currently available set top boxes, such as the Ex- 
plorer 2000 by Scientific Atlanta, the DCT 5000+ by 
General Instrument, and the Streammaster by Motorola. 
[0006] Thus, home consumers with set top boxes may 
access various internet services, such as financial insti- 
tutions, credit card services and on-line merchants via 
the internet proxy provided by the cable head end of the 
digital cable network. The home consumer can browse 
the various web sites provided by such internet services 
and through the use of the consumer's television via the 
consumer's set top box. Although a consumer can ac- 
cess the consumer's banking institution through its in- 
ternet service in this manner, the consumer that is using 
a set top box cannot print information from such internet 
services because set top boxes do not currently support 
printers. 

[0007] In many instances, it would be preferable for 
an internet client application that is maintained by a 
bank, credit card service or on-line merchant to have the 
capability to provide consumer- related data to a con- 
sumer on a regular basis, such as a banking statement 
or utility bill, by initiating transmission of such consumer- 
related data over the digital cable network to the con- 
sumer's set top box. For example, it would be desirable 
to replace monthly banking statements which are sent 
by mail with monthly transmissions of such banking 
statements to the consumer's set top box in the consum- 
er's home. It can be further appreciated that such regu- 
larly sent consumer-related data would preferably be 
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automatically printed on a printer attached to the set top 
box so that the consumer does not need to be involved 
in the printing process. Que to the confidential nature of 
such consumeroriented information, such printing 
which is initiated by the internet service would need to 
be handled in a secure manner such that no other sub- 
scriber to the digital cable network could access or in- 
tercept such information and to ensure that the informa- 
tion is delivered to the appropriate set top box. Currently, 
however, digital cable networks do not provide the ca- 
pability to allow an internet application to initiate the se- 
cure transmission of confidential print data over the dig- 
ital cable network to a set top box for printing on a printer 
which is locally attached to the set top box. 
[0008] The present invention addresses the foregoing 
problems by providing an arrangement whereby an in- 
ternet client application generates confidential informa- 
tion corresponding to a home subscriber connected to 
a digital cable network through a set top box, after which 
the internet client application establishes a secure com- 
munication path between the internet client application 
and the set top box corresponding to the home subscrib- 
er, whereupon the client application transmits the con- 
fidential print data over the secure communication path 
to the set top box for automatic printing directly by a 
printer that is locally attached to the set top box. It will 
be appreciated that the present invention can be used 
in many types of network environments other than a dig- 
ital cable network, such as a wireless network or a sat- 
ellite broadcasting network. 

[0009] In a first embodiment, the invention is a method 
for the secure printing of print data from a client appli- 
cation residing on a data network to a set top box which 
has a printer, said set top box communicating with a 
broadcasting station for interfacing a broadband net- 
work to said data network, said method including gen- 
erating print data in the client application, determining 
whether a secure communication path exists between 
the client application and the set top box, and transmit- 
ting, in response to a determination that the secure com- 
munication path exists, the print data from the client ap- 
plication to the set top box. 

[0010] In a preferred embodiment, the present inven- 
tion is a method for the secure printing of print data from 
a client application residing on a data network to a set 
top box which has a printer, the set top box communi- 
cating with a broadcasting station for interfacing a 
broadband network to the data network. The method in- 
cludes generating print data in the client application, de- 
termining that a secure communication path exists be- 
tween the client application and the cable head end up- 
on receipt through a secure protocol of a confirmation 
from the cable head end that the cable head end is a 
secure location, sending, in response to a determination 
that the secure communication path exists, the print da- 
ta from the client application to the cable head end in a 
device-independent format, transforming in the cable 
head end, the print data from the device-independent 



format to a rasterized format. which corresponds to the 
printer, determining that a secure communication path 
exists between the cable head and the set top box upon 
receipt, through a secure protocol, of a confirmation 
s from the set top box that the set top box is a secure lo- 
cation, and sending, in response to a determination that 
the secure communication path exists, the print data in 
the rasterized format from the cable head end to the set 
top box. 

10 [0011] By virtue of this arrangement, an internet client 
application, such as one maintained by a banking insti- 
tution, can generate and then initiate the transmission 
of print data containing confidential information relating 
to a particular subscriber having a set top box on a digital 

is cable network, whereby the transmission of the confi- 
dential print data is done in a secure manner through a 
trusted environment. Therefore, a- banking institution 
having an internet client application can generate 
monthly banking statements for its customers that have 

20 set top boxes in their homes, whereby the banking state- 
ments are generated on a regular schedule and then 
sent from the bank's internet client application through 
the cable head end of a digital cable network to the ap- 
propriate subscriber's set top box for automatic printing 

25 on a locally attached printer. In this manner, the home 
user of the set top box is not required to initiate printing 
of the bank statement and does not even need to be 
present when printing occurs. 

[0012] In another embodiment, the invention is a 

30 method for the secure printing of print data from a client 
application residing on a data network to a set top box 
which has a printer, the set top box communicating with 
a broadcasting station for interfacing a broadcasting 
network to said data network. The method includes gen- 

35 erating print data in the client application, transforming, 
in the client application, the print data from the device- 
independent format to a rasterized format which corre- 
sponds to the printer, encrypting, in the client applica- 
tion, the print data in the rasterized format, sending the 

^0 encrypted print data in the rasterized format from the 
client application to the cable head end, and sending the 
encrypted print data in the rasterized format from the 
cable head end to the set top box. 
[0013] In a preferred embodiment, the client applica- 

45 tion generates confidential print data corresponding, to 
a consumer having a set top box with a locally attached 
printer in the consumer's home. The client application 
then rasterizes the print data in a format which corre- 
sponds to the printer. Preferably, the client application 

50 also encrypts the print data for additional security The 
client application then sends the rasterized, encrypted 
print data to the cable head end which passes the print 
data on to the set top box. The set top box then decrypts 
the print data and sends it to the locally attached printer 

55 for printing. 

. [001 4] By virtue of this arrangement, an internet client 
application, such as a bank, can transmit confidential 
print data to a consumer through an untrusted environ- 
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ment (cable head end) by sending the print data through 
the cable head end of the digital cable network in a ras- 
terized format corresponding to the particular printer 
that is locally attached to the consumer's set top box. 
Therefore, the print data can be transmitted in a secure 
manner for printing by an internet client application even 
though the cable head end of the digital network is not 
considered a trusted environment. 
[0015] This brief summary, has been provided so that 
the nature of the invention may be understood quickly. 
It can be appreciated that other types of networks, such 
as wireless or satellite broadcasting networks, may be 
substituted instead of a digital cable network, wherein a 
broadcasting station is substituted for the cable head 
end. 

[0016] A more complete understanding of the inven- 
tion can be obtained by reference to the following de- 
tailed description of the preferred embodiment thereof, 
which is described by way of example only with refer- 
ence to the attached drawings in which: 
[0017] Figure 1 is a representation of a cable broad- 
band network embodying the present invention. 
[001 8] Figure 2 is a representation of a printing archi- 
tecture. 

[0019] Figure 3 illustrates representative software ar- 
chitecture of a set top box. 

[0020] Figure 4 shows the overall data flow of a print 
job from a client module through to its final delivery to a 
printer. 

[0021] Figure 5 is a flow chart for describing the over- 
all data flow of a print job from a client module through 
to its final delivery to a printer. 

[0022] Figures 6A, 6B and 6C illustrate general ar- 
rangements for unicast (point-to-point) printing and mul- 
ticast (one-to-many) printing. 

[0023] Figures 7A and 7B are flow charts showing re- 
spective processing by the cable head end and by the 
set top box in response to a print job. 
[0024] Figure 8 illustrates the relationship of the con- 
firmation client created in the set top box and the con- 
firmation server created in the cable head end. 
[0025] Figure 9 is a block diagram illustrating secure 
printing of print data. 

[0026] Figure 10 is a block diagram showing protocol 
layers which are utilized during secure push-printing. 
[0027] Figure 11 is a block diagram illustrating an al- 
ternate method of secure printing of print data. 
[0028] Figure 12 is a flow chart for describing secure 
printing. 

[0029] Figure 13 is a flow chart for describing the re- 
mote plug-and-play feature. 

[0030] Figure 1 illustrates a regional broadband digital 
cable network connected to the internet and utilizing the 
present invention. While embodiments of the present in- 
vention are described with reference to a digital cable 
network, it should be apparent that the invention, may 
be realised with other network forms including wireless 
and satellite broadcasting networks as well. The net- 



work is capable of delivering analog and digital broad- 
casts, secure analog and digital broadcasts, analog and 
digital pay-per-view, analog and digital impulse pay-per- 
view, digital near video on demand, one-way real-time 
5 datagram (broadcast IP data packets), and two-way re- 
al-time datagram (addressed IP data packets). 
[0031] As shown in Figure 1, the above-listed services 
may be delivered from service infrastructure 1 located 
at the broadcasting station (e.g. cable head-end), the 
10 infrastructure including value-added service provider 
systems 2 and network control systems 3. Value-added 
service provider systems 2 include digital satellite dis- 
tribution systems, applications executing on cable serv- 
ers (such as special-purpose applications like subscrib- 
es er service application, content gather applications, etc.), 
digital media servers outputting MPEG-2 datastreams, 
and an application data carousel defined by the DSM- 
CC specification. Network control systems 2, consisting 
of the Broadcast Control Suite and the PowerKey Con- 
20 trol Suite, provide management and control for the serv- 
ices supported by the broadband network. 
[0032] Alternatively, services may be delivered from 
World Wide Web (WWW) 4 through internet proxy 5, for 
example, from remote merchants like merchant 8. Ex- 
2S amples of merchants include banking, retailing, utilities, 
and the like. 

[0033] In either case, the services are delivered to Ca- 
ble Head End (CHE) 6 (or other broadcasting station), 
which serves as an interface between the service pro- 
30 viders and the rest of the broadband network. 

[0034] In particular, CHE 6, which is responsible for 
providing services to 500,000 to. 1,000,000 homes, is 
connected via fiber optic cabling to hubs 7, which are 
connected to CHE 6 or other hubs 7. Each hub 7 is, in 
35 turn, connected to at least one node 9, also using fiber 
optic cabling. Coaxial cable is then used to connect each 
node to Set Top Boxes 1 0 (STB's) of 500 to 2000 homes. 
Finally, each STB 10 is connected to television 11 , print- 
er 12 or both. Accordingly, services are delivered from 
40 a service provider to CHE 6, to one or more hubs 7, to 
node 9, to STB 10 and to television 11 or printer 12. It 
can be appreciated that CHE 6 can represent the cable 
head end of a digital cable network, or can represent a 
broadcasting station for interfacing a broadband net- 
45 work to a data network. For example, a wireless or sat- 
ellite broadcasting network may be used instead of a 
digital cable network to interface the data network to the 
• set top box. 

[0035] It should be noted that, by virtue of the forego- 
ne jng arrangement, service infrastructure 1 may be distrib- 
uted among CHE 6, hubs 7, or other facilities. 

[SOFTWARE ARCHITECTURE] 

55 [0036] Figure 2 illustrates several relevant compo- 
nents of service infrastructure 1, CHE 6, and STB 10, 
as well as relevant internet components of remote client 
modules connected to CHE 6 via internet proxy 5. In par- 
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ticular, three representative client modules 14 are illus- 
trated (although many more are contemplated in an ac- 
tual implementation), each client module 14 being locat- 
ed remotely of CHE 6 and connected to CHE 6 over the 
internet via internet proxy 5. Client modules 14 may be s 
executing on servers operated by a bank, a newspaper, 
or other entity from which a user may desire print data. 
Of course, more than three client modules 14 may be 
connected to the architecture shown in Figure 2. 
[0037] Each client module 14 includes client applica- 10 
tion 15, a Cable Printing Services Infrastructure (CPSI) 
client 16, and Internet Printing Protocol (IPP) client 17. 
Each client application 1 5 is preferably specific to serv- 
ices being performed at the client module, such as bank- 
ing services, newspaper services, and the like. Other is 
client-specific applications may also be executed at the 
client modules, such as applications that generate data 
or access databases for printout. Client application 15 
communicates with CPSI client 16 using an application 
programming interface (API). 20 
[0038] CPSI client 1 6 delivers print data received from 
client application 15 to CHE 6 through IPP client 17. Cor- 
respondingly, CHE 6 is provided with IPP server 19 to 
receive the print data. It should be noted that the print 
data travels over all three of IPP, HTTP, and TCP/IP pro- 2s 
tocols between respective ones of IPP clients 17 and 
IPP server 19. 

[0039] Although Figure 2 is illustrated with an IPP cli- 
ent/server communication between client modules 1 4 
and CHE 6, other communication protocols, or layers of 30 
protocols, may also be used. For example, to facilitate 
printing that is secure, an SSL (secure socket layer) pro- 
tocol may be utilized. In such an arrangement, a protocol 
stack is used, consisting of IPP client 1 7 over HTTP over 
SSL over TCP/IP. A complementary arrangement is pro- 35 
vided at CHE 6. Similarly, other protocols may be used, 
and multiple protocols can be used in parallel or in 
stacked arrangements. 

[0040] Whatever client/server arrangement is used, 
the client and servers communicate over a CPSI trans- 40 
port layer that facilitates communication from CPSI cli- 
ent 16. In general, data is pushed in one direction from 
CPSI client, with little or no data (other than acknowl- 
edgements and the like) returning in the other direction 
toward CPSI client 16. The actual CPSI transport may 45 
use TCP/IP, SMTP, or the like. The sessions may be se- 
cure. The CPSI transport layer is configured to hide any 
differences in the actual transport from CPSI client 16/ 
so that the actual transport is transparent from the view- 
point of CPSI client 16, thereby making CPSI client 16 so 
transport-independent. 

[0041] CHE 6 includes CPSI server 37, which is com- 
plementary in software structure to CPSI client 16, and 
acts to receive data transmitted from CPSI client 16. 
CHE 6 further includes spooler 20, which assigns print ss 
data received from IPP server 19 and CPSI server 37 
to a logical printer corresponding logically to a printer 
12, and queues print data for a physical device corre- 



sponding to the logical printer. CPSI spooler 20 assigns 
print data to a logical printer by retrieving a profile from 
preferences directory 21 which corresponds to a user 
ID or other address information received with the print 
data. 

[0042] Besides address information, preference di- 
rectory 21 also stores other information relating to sub- 
scriber preferences. Such information is set initially by 
the subscriber, during a registration process, and may 
thereafter be modified as desired. One such preference 
is a blocking feature, whereby a subscriber can block 
printing jobs that are received from particular mer- 
chants, or can accept print jobs only if they are received 
from particular merchants. Another such preference in- 
volves selection and configuration of an automatic data/ 
information delivery service. According to this delivery 
service, and based on subscriber preferences, CHE 6 
periodically executes a data gathering application (like 
application 22) that gathers information from internet 
sources (such as news, coupons, theater schedules and 
the like), packages the information into a print job, and 
sends the print job to the subscriber's set top box. 
[0043] CPSI spooler 20 is also connected to cable- 
specific applications such as application 22 through CP- 
SI server 37, IPP server 19, IPP client 18, and CPSI cli- 
ent 23. CPSI client 23 is similar to CPSI client 1 6. More- 
over, application 22 is similar to client application 15, in 
that it provides an application executed to perform serv- 
ices specific to a client (here, the cable head end) and 
can deliver print data to CPSI spooler 20. 
[0044] IPP client 24 is connected to CPSI spooler 20 
via CPSI client 38 to allow CHE 6 to communicate with 
each STB 10. CPSI client 38 is similar to CPSI clients 
1 6 and 23, and again provides for a complementary soft- 
ware architecture and data communications with a CPSI 
server at the set top box. In this regard, only two of many 
thousands of STB's are illustrated. Each STB 10 in- 
cludes IPP server 25 for connection to IPP client 24. It 
should be noted that, to deliver data from CHE 6 to STB 
1 0, a server is established in STB 10 and a correspond- 
ing client is established in CHE 6. In such a case, a pre- 
ferred transport protocol is again the CPSI transport lay- 
er, which is usable regardless of the particular underly- 
ing transport (TCP/IP, SMTP, QPSK, DOCSYS, broad- 
band through IP gateway, etc.). 

[0045] Although Figure 2 illustrates an IPP client/serv- 
er communication between CHE 6 and STB 10, other 
protocols may also be used. For example, in a situation 
where the resources available in STB 10 are already 
strained, it is possible to use SMTP and POP mail pro- 
tocols to deliver print jobs from CHE 6 to STB 10. Ad- 
vantages of such an arrangement include the fact that 
many conventional STB's already include mail proto- 
cols, thereby avoiding a further increase in STB re- 
source usage, firewalls that might exist in CHE 6 will al- 
low mail to go through, multiple mailboxes can be de- 
fined in each household, and mail clients (at the client 
modules) can easily be configured to support print jobs. 
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In the latter situation, CHE 6 and corresponding client 
modules 14 are also configured for communication via 
. a mail protocol client/server relation, such as an SMTP 
client/server. Similarly, other protocols can be used be- 
tween. CHE 6 and respective STB 10's, and multiple pro- 
tocols can be used in parallel or in stacked arrange- 
ments. . 

[0046] STB 10 includes CPS! server 39, and further 
includes CPSI spooler 26, which controls a single queue 
for a single logical printer corresponding to printer 12. 
Otherwise, CPSI spooler 26 is nearly identical to CPSI 
spooler 20, as are CPSI server 39 and CPSI server 37. 
The limited functionalities of CPSI spooler 26 and CPSI 
server 39 are advantageous because STB 10 is likely 
to have limited computing resources. STB 10 also in- 
cludes STB client application 27, which communicates 
to CPSI spooler 26 through CPSI client 29, using a sub- 
set of the API used by client application 15. This config- 
uration allows an STB user to initiate local print jobs. 
[0047] Figure. 3 illustrates representative software ar- 
chitecture of set top box 10. In general, this software 
architecture, together with the hardware architecture of 
the set top box, supports the reception of analog and 
digital services. In the case of analog services, STB 10 
tunes to an analog channel, extracts the NTSC video 
signal, and drives the local television receiver. In the 
case of digital services, STB 1 0 tunes to the appropriate 
digital channel, extracts MPEG -2 video packets, de- 
crypts, decompresses and routes the resulting video to 
an NTSC driver, so as to obtain an NTSC signal to drive 
the local television receiver. In addition, private data is 
received over the digital channel. Print jobs can be de- 
livered to STB 10 over a digital channel of digital serv- 
ices, or over private data channel, and is delivered using 
the CPSI transport. STB 10 reconstructs the packets 
from the CPSI transport, and routes the data to the ad- 
dressee, here, IPP server 25. 

[0048] Through the software architecture illustrated in 
Figure 3, STB 1 0 hosts various applications that present 
to the home user functionality offered by various cable 
services. Typical applications are a navigator, an inter- 
active program guide, electronic mail and a web brows- 
er. Most of these applications are client/server imple- 
mentations, where STB 10 hosts the client software, and 
CHE 6 hosts the server software. Communication be- 
tween client and server over the cable network is facili- 
tated by an operating system executed on STB 10, and 
is performed through published API's. Depending on the 
hardware platform and the operating system, those ap- 
plications may be resident at STB 10, or can be down- 
loaded from servers situated at CHE 6 for execution at 
STB 10. 

[0049] Thus, as shown in Figure 3, software architec- 
ture and STB 10 includes an interface 31 to hardware, 
an operating system 32, an HTML engine 34, resident 
applications 35, and other applications 36. The operat- 
ing system 32 is usually vendor-specific for the STB, and 
may include operating systems such as PTV, WinCE, 



MicroWare or OpenTV. HTML engine 34 provides a 
group of independent handlers that can be plugged to- 
gether in conformity to known plug-in specifications so 
as to provide ability to handle different types of media 

5 such as HTML, GIF, MPEG, HTTP,. Java script, etc. The 
HTML engine 34 is used to allow STB 10 to render 
HTML documents to a windows manager for display on 
the local television receiver. HTML documents may be 
retrieved from local cache, from in-band and out-of- 

10 band broadcast carrousels, VBI streams, HTTP proxy 
servers located at CHE 6, or remote HTTP servers ac- 
cessed by the STB user over the internet. In the latter 
case, documents retrieved from external web servers 
are filtered by a proxy according to predefined filtering 

15 criteria (such as surf watch); which also may convert re- 
quested documents into formats supported by the 
HTML engine 34. 

[0050] Resident applications 35 include such applica- 
tions as the aforementioned navigator, interactive pro- 

20 gram guide, and the like. 

[0051] Applications 35 and 36 include a web browser, 
an e-mail program, a print driver for attached printer 12, 
and the like. Of particular note, these applications in- 
clude the aforementioned applications from Figure 2, 

25 namely IPP server 25, CPSI spooler 26, CPSI client 29, 
and STB client applications 27. 

[RASTERIZATION] 

30 [0052] Because of limited resources available within 
STB 1 0, print data destined for printer 1 2 is not forward- 
ed to STB 10 in a high level device-independent print 
language (such as a page description language like 
PCL5, PDF, PostScript or the like) for rasterization at 

35 STB 10. Such an arrangement, which requires STB 10 
to rasterize print data based on a higher level printer 
language would often overwhelm the availability of re- 
sources at STB 10. Accordingly, and because a high 
speed data communication link exists between CHE 6 

40 and STB 10, rasterization is performed at CHE 6, and 
rasterized data is sent from CHE 6 to STB 1 0 for printout 
by printer 12. This section describes a preferred imple- 
mentation for achieving this effect. 
[0053] Figure 4 shows the overall data flow of a print 

45 job from client module 14 such as a remote merchant 
or a client application executing at CHE 6, through to its 
final delivery to printer 12 at the home of the STB user. 
As shown in Figure 4, client application 1 5 executing in 
client module 1 4 generates a print job addressed to one 

50 or more printers at one or more STBs. The print job is 
generated in a high level page description language 
(PDL) such as PostScript, PDF, HTML, or the like. High 
level printer languages such as these PDLs are pre- 
ferred, since they are printer independent, thereby f ree- 

55 ing the client application from a need for any knowledge 
of the configuration of the destination printer 12. The 
print job in PDL format is delivered over the aforemen- 
tioned CPSI client 16 from the client module 14 out 



6 



11 EP 1 071 254 A2 12 



through to CHE 6 where it is eventually accepted by CP- 
SI spooler 20. At CPSI spooler 20, the print job is ras- 
terized based on knowledge of the configuration and 
type of destination printer 12, which in turn is obtained 
by CPSI spooler from preferences directory 21 based 
on the destination printer address provided by the client 
module. The rasterized print job is delivered over the 
aforementioned client/server relationship between CHE 
6 and STB 10, where the rasterized print job is eventu- 
ally accepted by CPSI spooler 26 at STB 1 0. From there, 
the rasterized print job is delivered to target printer 12 
for printout thereby. 

[0054] Figure 5 is a flow chart which illustrates this 
process in further detail. The process steps shown in 
Figure 5 are stored on a computer readable medium 
such as an unshown memory at CHE 6 (for those steps 
performed by cable head end 6) or an unshown memory 
at STB 1 0 (for those process steps executed by set top 
box 10). Briefly, according to the process steps shown 
in Figure 5, to print a print job received by a cable head 
end on a printer connected to a set top box that com- 
municates with the cable head end over a high speed 
data communication network, the print job is received 
by the cable head end in a high level printer description 
language addressed to one or more such printers. 
Based on the address, the cable head end obtains a 
software driver for the printer, the software driver corre- 
sponding to configuration and type of the addressed 
printer. A logical printer is created in the cable head end 
(if a logical printer does not already exist), the logical 
printer corresponding to the software driver, and the log- 
ical printer is executed so as to rasterize the high level 
printer description language print job into a rasterized 
bit map image format The rasterized bit map image for- 
mat is transmitted over the high speed data communi- 
cation network to the set top box addressed in the print 
job. At the set top box, the set top box creates a logical 
printer corresponding to its locally connected printer (if 
a logical printer does not already exist), with the logical 
printer accepting as its input the rasterized bit map im- 
age data. The rasterized bit map image data is sent to 
the set top box's logical printer, which in turn routes the 
print job to the locally connected printer. 
[0055] In more detail, Figure 5 shows steps S501 
through S515 that are performed at CHE 6, and steps 
S516 through S520 that are performed at STB 10. In 
step S501 , cable head end 6 receives a print job from a 
client application. The print job is preferably in a high 
level printer description language (PDL) which is printer 
independent. In addition, the print job includes one or 
more addresses identifying the destination or destina- 
tions for the print job. The addresses may be in any con- 
venient format agreed to mutually between cable head 
end 6 and the client applications. 

[0056] It is envisioned that the print jobs received by 
cable head end 6 are print jobs from merchants located 
remotely and connected to cable head end 6 via the in- 
ternet. Examples of merchants and corresponding print 



jobs include a bank that prints out bank statements di- 
rectly into a customer's home, utility companies that 
print out utility bills directly at a consumer's home, ad- 
vertisers that printout advertisements and/or coupons 
s directly at a consumer's home, newsletter/news clipping 
services that print out periodicals directly in a reader's 
home, and the like. It is also possible for the print job to 
be delivered from a client application executing at cable 
head end 6, for example, a client application 22 that gen- 
10 erates a monthly cable guide for printout in a viewer's 
home, a news retrieval service which, based on auto- 
matic searches performed in accordance with user pref- 
erences over the internet, obtains news from a variety 
of internet sources, collates such news, and prints news 

is out directly in a news reader's home, and the like. Mul- 
tiple other arrangements are easily envisioned. What is 
preferable in the context of the invention, however, is 
that the print job is received by CPSI spooler 20 in cable 
head end 6 in a printer-independent format such as the 

20 aforementioned printer description languages. 

[0057] In step S502, and based on the printer ad- 
dresses received with the print job, CHE 6 accesses 
preferences directory 21 so as to retrieve user profiles 
for the users corresponding to the printers to which the 

2S print job is ultimately destined. User profiles preferably 
include at least an identification of printer configuration 
and type of printer 12 connected to the user's set top 
box. Other information may also be included in the user 
preference. One such piece of information is a blocking 

30 filter, which specifies filtering applied to the print jobs, 
thereby to permit a user to exclude unwanted print jobs. 
For example, so as to avoid a proliferation of unwanted 
print jobs at his home printer, a user may specify pref- 
erences instructing cable head end 6 to block print jobs 

3S from specific sources, or to allow print jobs only from 
specific sources. Any such preferences are applied in 
step S503 in which CHE 6 determines whether or not to 
reject the print job. If the job is rejected, flow branches 
to step S504 so as to reject the job and, possibly, to in : 

40 form client module 14 that the job has been rejected. 
[0058] If the print job is accepted for printout, flow ad- 
vances to step S506 in which the print job is scheduled 
and deposited in the subscriber's queue, and the step 
S507 in which the cable head end determines whether 

*s a print driver exists for the printer to which the print job 
is destined. A print driver might not exist for a variety of 
reasons. One such reason is that the cable head end 
does not have available a software module correspond- 
ing to the printer defined in the user profile. In such a 

so circumstance, cable head end 6 simply accesses an in- 
ternet provider of such a software driver, such as an in- 
ternet site corresponding to the printer manufacturer. 
One more common situation in which a driver might not 
exist, however, is a situation in which the user profile 

ss does not contain any identification of printer configura- 
tion or type. Such a situation is addressed in steps S509 
and S51 0, to which CHE 6 branches in a situation where 
a driver does not exist for failure of the user profile to 
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specify a printer. 

[0059] Thus, in step S509, CHE 6 communicates di- 
rectly (via CPS! spooler 20, CPSI client 38, and IPP cli- 
ent/server 24 and 25) to the destination STB 10, with a 
request for STB 10 to provide an identification of con- $ 
figuration and type for printer 12 connected to STB 10. 
STB 10 responds with the needed information, which is 
obtained by CHE 6. In step S510, CHE 6 loads the driver 
corresponding to the identification information provided 
from STB 10, and in addition updates the user profile in 10 
preferences directory 21 , so that future print jobs can be 
performed more readily, without the need for communi- 
cation with STB 1 0 for the purpose of determining printer 
identification. 

[0060] In any event, once a driver exists, flow advanc- is 
es to steps S511 and S512, in which CPSI spooler 20 
in CHE 6 determines whether a logical printer corre- 
sponding to the print driver already exists, or if one 
needs to be created. A logical printer will already exist 
if a prior print job has already been processed. Using 20 
the logical printer, CPSI spooler feeds the print job in 
the printer-independent PDL format to the logical printer, 
such that the logical printer rasterizes the print job into 
a printer-specific rasterized bit map image (step S514). 
It should be understood that the rasterized bit map im- 25 
age print job is not simply a fully bit map raster of the 
print job. Rather, the rasterized bit map print job is a bit- 
by-bit representation of the print job tailored specifically 
for the printer corresponding to the logical printer in CP- 
SI spooler 20. As one example of printer-specific raster- 30 
ization, many printers require print commands embed- 
ded in the print job, so as to enable control over the print- 
er. Examples of such print commands include start-of- . 
page, advance-down, eject-page, load-new-page, and 
the like. Such printer-specific commands are embedded ss 
in the rasterized print job. As a further example, some 
printers, such a bubble jet printers, print in bands, and 
embedded commands are needed so as to define such 
bands. As yet a further example, some bubble jet print- 
ers that print in color require print data to be supplied 40 
out of sequence for each different color, so as to accom- 
modate physical differences in location between printing 
jets for one color relative to printing jets for another color. 
Whatever the source of printer specificity, the rasterized 
bit map print job created by the logical printer in step 45 
S514 is printer-specific, tailored directly based on the 
identity of printer configuration and type of printer 12. 
[0061] Step S515 transmits the rasterized bit map 
print job to STB 10. As described above, the transmis- 
sion to STB 1 0 is from CPSI spooler 20, via CPSI client so 
38, IPP client/server 24 and 25, to CPSI server 39 and 
spooler 26 in STB 10. 

[0062] At the set top box, step S516 receives the ras- 
terized bit map print job in CPSI server 39 and forwards 
it to CPSI spooler 26. If a logical printer does not already ss 
exist in CPSI spooler 26, then a logical printer is created 
based on the identity of printer type and configuration 
for attached printer 12 (steps S5 17 and S519). In step 



S520, CPSI spooler, using the logical printer, executes 
the rasterized bit map print job so as to send the print 
job to printer 1 2 where it is rendered into a visible printed 
image. 

[PUSH PRINTING] 

[0063] As described previously, the purpose, of the 
CPS! architecture is to offer facilities that will enable ap- 
plications running anywhere on the internet to print on 
printers attached to set top boxes. Such printing is re- 
ferred to as "push printing" in the sense that the remote 
applications push print data through the cable head end 
to the set top box for printout at an attached printer 
[0064] Of course, it is possible to provide the set top 
box with its own printing capability, so as to enable a 
user to print data as desired. Such printing is referred to 
as "pull printing", in the sense that the user of the set 
top box pulls data for printout from sources remote from 
him. For example, a user may, as part of browsing the 
internet, come across a web page of interest, and may 
request printout of such a web page. Such printout is 
"pull printing" and is different from "push printing" de- 
scribed hereafter. 

[0065] General printing goals of the architecture de- 
scribed above and hereinafter include the ability to sup- 
port attachment and software and driving of any sup- 
ported printer, as well as the elimination of any need for 
a user to intervene in installation of a printer beyond 
physical connection to the set top box. Because of a uni- 
form API, software maintenance costs are reduced. In 
addition, by virtue of the CPSI software architecture, 
printing does not interfere with other programs running 
on the set top box, such as web browsing applications 
or television viewing. In addition, the CPSI architecture 
is portable across a variety of platforms, and supports 
a variety of different operating systems, particularly 
those operating systems that maintain execution in the 
set top box itself. 

[0066] Push printing in particular represents a model 
in which print action is initiated by an entity other than 
the set top box user. It is assumed that this entity, which 
actually may either be local to the cable head end or be 
an internet citizen, owns the document for which the 
print job is desired, or is able to reference it. Two differ- 
ent printing modes are contemplated: 

1 . Unicasting, which refers to a point-to-point con- 
nection in which a remote internet site sends print 
data separately to each destination client; and 

2. Multicasting, which refers to a mode in which a 
single copy of the print data is sent to multiple.des- 
tination points. Multicasting can also include broad- 
casting, in which a single copy of print data is sent 
to all destination points rather than to a selected 
subcast thereof. 

[0067] Examples of print jobs subject to push printing 
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include merchant- initiated print jobs from remote inter- 
net sites. Such merchant-initiated print jobs may include 
constant content print jobs,, such as a flyer advertising 
particular items for sale. The flyer can be printed in a 
unicast or multicast mode, and is delivered in the appro- s 
priate unicast or multicast mode from the cable head 
end to the appropriate set top boxes. Merchant initiated 
print jobs can also include variable content print jobs 
such as personalized statements like retailing, a bank 
statement or a utility bill. Based on a client application 10 
running at the merchant's server, the print job is created, 
and submitted to the cable head end. Again, the cable 
head end delivers the print job in either unicast or mul- 
ticast mode, as requested by the print job to the set top 
box or boxes in question. is 
[0068] Generalized goals of merchant initiated print- 
out from remote internet sites include the following. 
First, the merchant is able to submit the print job at its 
own internet site, by means of a client application run- 
ning on the merchant's CPU. The merchant is able to 20 
specify parameters for the print job, including destina- 
tion address and whether or not the transmission is via 
secured or unsecured transmission. The destination ad- 
dress may specify unicast or multicast printing, meaning 
that the destination address might identify only a single 25 
recipient, or might represent multiple recipients or a 
group of recipients. The print job is generated in non- 
proprietary device independent format, by use of widely 
available client applications, or even customized print 
applications, that print through standardized and device 30 
independent format. This is achieved through separa- 
tion of the print submission client and the content crea- 
tion tool: the content creation tool is left to the merchant, 
whereas the print submission client is embodied in the 
CPSI client described above. At the cable head end, res- 35 
ident software maintains a directory of user profiles in 
preferences directory 21 , the profiles including subscrib- 
er name, subscriber account number, address, printer 
model, set top box capabilities, any blocking filters, and 
policy data. The CPSI spooler at the cable head end dis- 40 
cards print jobs that meet criteria specified by blocking 
filter data, or accepts only print jobs that meet other 
specified criteria. A system administrator at the cable 
head end is able to display a print queue, indicating glo- 
bal print jobs for all cable subscribers, or print jobs on a 45 
per user basis. Using such a print queue, the system 
administrator is able to examine the status of jobs in the 
queue, and the status of corresponding printers at- 
tached to set top boxes, and is further able to delete jobs 
in the queue and override any of user selectable print so 
options. The cable head end spooler does not com- 
mence a print job until it has ascertained that the set top 
box is ready to accept print data, and that the attached 
printer is ready and on line. Preferably, the CPSI spooler 
in the set top box is able to commence a print operation ss 
before the entire print job has been downloaded from 
the cable head end, and is further able to confirm suc- 
cessful completion of print jobs. 



254 A2 16 

./ 

[0069] Figures 6A, 6B and 6C illustrate general ar- 
rangements for unicast (point-to-point) printing and mul- 
ticast (one-to-many) printing. As shown in Figure 6A, 
unicast printing involves printout of a print job from a 
remote web server to a specifically identified printer at- 
tached to a set top box. The print job is routed via the 
internet to the cable head end, and thence over the dig- 
ital cable network to the set top box for printout at the 
destination printer. Figure 6B illustrates an alternative 
form of unicast printing, in which a remote web server 
gathers data from multiple different web sites, aggre- 
gates the data into a single print job, and then push- 
prints the resulting print job to a destination printer. Of 
course, although the aggregating server is illustrated as 
a remote web server, it is possible for an aggregation 
application to execute within the cable head end, com- 
municate over the internet to multiple different web sites 
for collection of aggregate data, to aggregate the data 
at the cable head end, and then to push-print the aggre- 
gated print job to a destination set top box. 
[0070] Figure 6C shows multicast printing in which a 
remote web server generates a print job having multiple 
destination printers. The print job is routed to the cable 
head end via the internet, which thereupon routes the 
print job, in a multicast or broadcast configuration, over 
the digital cable network to multiple different set top box- 
es for printout by respective printers attached thereto. 
[0071] Figures 7A and 7B are flow charts showing re- 
spective processing by the cable head end arid by the 
set top box in response to a print job. Referring first to 
Figure 7A, step S701 illustrates receipt by the cable 
head end of a print job from a remote internet source, 
or from an application such as 22 at the cable head end. 
In step S702, the cable head end retrieves the user pro- 
file from directory 21 (Figure 2). Based on the user pro- 
file, cable head end determines (in step S703) whether 
or not to accept or to reject the job. If the job is rejected, 
flow advances to step S705 and the job is not processed 
further. It is possible for step S705 to send information 
back to the upstream remote internet site, indicating that 
the job has been rejected. 

[0072] On the other hand, if the job has not been re- 
jected, flow advances to step S706, in which, based on 
destination information included with the print job, the 
cable head end determines the destination address or 
addresses for the print job. Steps S707 and S709 create 
logical printers if they are needed. That is, if a corre- 
sponding logical printer or printers do not already exist 
in spooler 20, the needed logical printer or printers are 
created in CPSI spooler 20 (Figure 2); with a separate 
logical printer being created for each different printer 
needed to accomplish the unicast or multicast printing. 
That is, in a unicast mode, since only a single printer is 
involved, then only a single logical printer corresponding 
to the printer in question is created. On the other hand, 
in a multicast or broadcast mode, multiple users and 
multiple printers are the destination for the print job. It 
is possible/however, for several of the multiple users to 
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employ the exact same printer and printer configuration. 
As a consequence, although it is likely that multiple log- 
ical printers are created in the CPSI spooler at the cable 
head end, it is equally likely that a single logical printer 
will be able. to support several users because each of s 
the several users will have exactly the same printer type 
and configuration. 

[0073] The print job is thereafter scheduled and de- 
posited into the user's queue (step S710), for rendering 
by the logical printers (or spooled for subsequent ren- io 
dering just prior to delivery to the STB). It is possible to 
render the print jobs into a bit map rasterized format, as 
discussed above in connection with Figure 5, but this is 
not ordinarily necessary. Rather, all that is necessary is 
for the logical printers to process the print job for sub- is 
sequent use by the set top boxes. 
[0074] In step S711, the print job from each logical 
printer is unicast or broadcast to the destination address 
or addresses. Thereafter, in step S712, the cable head 
end builds a notification server so as to await notification 20 
of printout from each of the set top boxes to which print 
data has been transmitted. 

[0075] Figure 7B illustrates process steps performed 
by the set top box in response to receipt of a print job 
transmitted from the cable head end over the digital ca- 25 
ble network. Thus, in response to receipt of a print job 
(step S720), the set top box executes the print job (step 
S721) so as to print the print job on its attached printer. 
It is possible for the set top box to utilize the CPSI spool- 
er arrangement discussed above in connection with Fig- 30 
ure 5, but this is not mandatory. Rather, according to this 
aspect of the invention, it is only necessary for the set 
top box to receive the print job and to cause its attached 
printer to print it. 

[0076] In step S722, the set top box builds a notifica- 35 
Won client for communication with the corresponding 
confirmation server built at the cable head end in con- 
nection with step S712. The notification client in the set 
top box then communicates with the notification server 
at the cable head end (step S723) so as to notify the 40 
cable head end of ongoing print status. In particular, the 
notification client at the set top box notifies the cable 
head end as each sheet of the print job is commenced, 
as each sheet is concluded, and as the print job is con- 
cluded. In addition, the notification client permits inter- 45 
action from the user at the set top box, whereby the user 
at the set top box can modify his print queue by cancel- 
ling jobs or advancing jobs out of sequence from the 
queue. 

[0077] At the cable head end, and based on informa- so 
tion received from the notification client at the set top 
box, the cable head end can distribute print status infor- 
mation as appropriate. For example, it is possible for the 
cable head end to transmit print status back to the orig- 
inating merchant at the remote internet site, so as to per- 55 
mit the merchant to confirm that the print job has been 
successfully completed. Alternatively, or in addition, it is 
possible for the cable head end to utilize the print status 



information so as to monitor, maintain and manage print 
queues for each and every one of the set top boxes con- 
nected to the digital cable network. 
[0078] Figure 8 illustrates the relationship of the noti- 
fication client created in the set top box and the notifi- 
cation server created in the cable head end. In Figure 
8, the same reference numerals as those used in Figure 
2 are utilized whenever the functions are the same. 
What is shown further in Figure 8 is notification client 40 
created by set top box 10, for monitor of the status of 
the print job being spooled to printer 12 by CPSI spooler 
26. Notification client 40 transmits printer status infor- 
mation back to notification server 41 in CHE 6 for use 
by CPSI spooler 20 to monitor and manage print 
queues, and to provide notification information of suc- 
cessful printout back to client modules 14. Notification 
client 40 and notification server 41 communicate over 
the digital cable network 42, using the same physical 
wire as that used by IPP client and server 24 and 25. 
[0079] By virtue of the foregoing arrangement, push 
printing from remote internet sites is facilitated at print- 
ers connected to set top boxes that are fed data from a; 
cable head end and via a digital cable network. The push 
printing can be unicast or multicast. In addition, notifica- 
tion of print status is provided from the set top box back 
to the cable head end, thereby permitting confirmation 
of printout to the remote internet merchant, or mainte- 
nance and management of print queues from the cable 
head end. 

[SECURE PRINTING] 

[0080] The ability of the present invention to provide 
push-printing as discussed immediately above, allows 
a merchant having internet client application 1 5 to send 
print data through CHE 6 to a subscriber at the subscrib- 
er's STB 1 0. For instance, a merchant having an internet 
application, such as a bank or credit card services com- 
pany, generates print data which corresponds to a par- 
ticular subscriber, such as a banking statement or a 
credit card statement, for automatic printing on the print- 
er which is locally attached to the set top box of the sub- 
scriber. It can be appreciated that such print data is of 
a confidential nature and that it would be preferable to 
have the print data sent to STB 10 in a secure manner. 
As such, the present invention provides the ability to al- 
low client application 15 to push-print confidential print 
data to a subscriber at STB 10 via CHE 6 in a secure 
manner. 

[0081] Figure 9 illustrates a first embodiment for se- 
cure printing of print data from client application 15 in 
client module 14 to STB 10 via CHE 6 for printing on 
printer 12. In this embodiment of secure push-printing, 
both CHE 6 and STB 10 are considered to be trusted 
environments. A trusted environment is one which can 
be trusted to receive data and to access and/or maintain 
the data in a trusted manner so as to prevent misuse of 
the data or transfer of the data to non-trusted environ- 
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ments. 

[0082] First, as illustrated in Figure 9, secure printing 
is achieved by establishing a secure connection be- 
tween client application 15 and CHE 6, and between 
CHE 6 and set top box 10. Specifically, the preferred 
embodiment utilizes a secure protocol between CPSI 
client 16 and CPSI server 37 to establish a secure con- 
nection between client application 15 and CHE 6. A se- 
cure protocol, such as secure sockets layer (SSL) pro- 
tocol, is used in addition to the previously described pro- 
tocols between client application 15 and CHE 6 in order 
to achieve secure push-printing. Figure 10 depicts the 
protocol layers that are preferably utilized between cli- 
ent application 15 and cable head end for secure push- 
printing. The protocol layers, often referred to as a pro- 
tocol stack, are described in Figure 1 0 from the perspec- 
tive of a communication path between CPSI client 16 
and CPSI server 37. Specifically, it can be seen from 
Figure 10 that CPSI protocol 1001 is the top layer com- 
munication protocol between CPSI client 16 and CPSI 
server 37. Directly below CPSI protocol 1001 is IPP pro- 
tocol layer 1002 which provides the printing specific pro- 
tocol for communication between IPP client 17 and IPP 
server 19, which are in direct communication with CPSI 
client 16 and CPSI server 37, respectively. HTTP proto- 
col 1003 may also be utilized for communication be- 
tween client application 15 and CHE 6 and is located 
directly below IPP protocol layer 1002. SSL protocol lay- 
er 1004 resides directly below HTTP protocol layer 1003 
so as to provide for a secure communication path be- 
tween CPSI client 1 6 and CPSI server 37. Directly below 
SSL protocol layer 1 004 is the underlying transport layer 
.1005 which may be comprised of TCP/IP, or other such 
transport protocols. In this manner, secure transport of 
print data from client application 15 to CHE 6 is made 
possible. The present invention is not limited to the use 
of SSL, and any other secure protocol or secure trans- 
port mechanism may be utilized to accomplish the same 
result. 

[0083] Returning to Figure 9, the secure connection 
between client application 15 and CHE 6 is established 
through the use of the above-described protocols, there- 
fore providing a path from client application 15 through 
CPSI client 16, and IPP client 17 to IPP server 19 and 
CPSI server 37, respectively. In the preferred embodi- 
ment, the connection is established upon the receipt by 
client application 15 of a certificate from CHE 6 via the 
SSL protocol 1004. The certificate is preferably signed 
by a trusted third party and is used to verify that client 
application 15 is really communicating with CHE 6. In 
this manner, CHE 6 is authenticated by client application 
1 5. Print data is then sent in a secure manner from client 
application 15 to CPSI spooler 20 in CHE 6 through the 
secure connection. It is also possible for client applica- 
tion 1 5 provide a signed certificate to CHE 6 so that CHE 
6 can authenticate the identity of client application 15. 
In this manner, client application 15 and CHE 6 are mu- 
tually authenticated, thereby ensuring that client appli- 



cation 15 is sending the confidential data to the correct 
destination and ensuring that CHE 6 verifies the identity 
of the source of the confidential source. It can be appre- 
ciated that such mutual identification is preferable for 
5 print data comprising a bank statement or a utility bill. 
[0084] In the embodiment illustrated in Figure 9, the 
print data is "provided to CPSI spooler 20 along with the 
identification information related to the subscriber to 
whom the print data is to be sent. The print data is pro- 

10 vided from client application 1 5 to CPSI spooler 20 in a 
device-independent format. CPSI spooler 20 then refers 
to preferences directory 21 to obtain the necessary in- 
formation corresponding to the subscriber, such as the 
print driver information for printer 12 connected to STB 
10 corresponding to the subscriber. CPSI spooler then 
transforms the print data from the device-independent 
format into a rasterized format by using a printer driver 
which corresponds to printer 1 2. The rasterized print da- 
ta is then spooled by CPSI spooler 20 of CHE 6 for trans- 

20 mission to STB 1 0. 

[0085] The print data is then ready to be sent directly 
to CPSI spooler 26 of STB 10 for immediate printing on 
printer 12. This is accomplished. by establishing a se- 
- cure connection between CHE 6 and STB 1 0 in a similar 

25 manner to the secure connection between client appli- 
cation. 15 and CHE 6 as described above. In the pre- 
ferred embodiment, CHE 6 receives a certificate from 
STB 10 so that cable head end can verify /the identity of 
STB 10, whereupon a secure connection Js established 

30 between CHE 6 and STB 10. As discussed above, mu- 
tual authentication can also be implemented so that STB 
1 0 can verify the identity of CHE 6. Once the secure con- 
nection is established between CHE 6 and STB 1 0, CHE 
. 6 sends the rasterized print data to STB 1 0. CPSI spool- 

35 er 26 in STB 1 0 then automatically passes the rasterized 
print data to printer 1 2 for printing, thereby providing the 
confidential data to the subscriber in a secure fashion. 
It should be noted that although the above description 
involves confidential print data being sent in a secure 

40 manner to only one subscriber, the same method may 
be utilized for providing confidential information from in- 
ternet client application 1 5 to many subscribers, wherein 
the confidential print data is unique and customized for 
each single subscriber (unicast). In addition, the above 

45 method may also be utilized for secure push-printing of 
the same print data to many individual subscribers 
(broadcast/multi-cast). 

[0086] In addition to the embodiment for secure push- 
printing as described in Figure 9, secure push-printing 

50 may also be achieved when CHE 6 is not a considered 
a trusted environment by client application 15. Secure 
push-printing can still be accomplished according to the 
embodiment described in Figure 11 . As can be seen by 
comparison between Figure 11 and Figure 9, this em- 

55 bodiment is nearly identical to that of Figure 9 except 
that the connection between client application 15 and 
CHE 6, and the connection between CHE 6 and STB 10 
are not necessarily secure and are treated as though 
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they are not secure. Therefore, the print data is trans- 
formed from device-independent print data to rasterized 
print data in the client application 15 prior to being sent 
to CHE 6 for transmission to STB 10 over the digital ca- 
ble network. Specifically, client application 15 has ac- s 
cess to a printer driver which corresponds to printer 12 
which is locally attached to the subscriber's STB 10. Cli- 
ent application 15 therefore renders the print data for 
printing on printer 1 2 by transforming it from a device- 
independent format to rasterized print data specific to io 
printer 12 of the particular subscriber. The rendering of 
the print data is performed by client application 15 in 
client module 14 in this embodiment, as opposed to 
within CHE 6 in the embodiment of Figure 9, because 
in this embodiment CHE 6 is not know considered a is 
trusted environment by client application 15 and there- 
fore cannot be trusted to render the print data for printing 
on printer 12. Preferably, client application 15 also en- 
crypts the print data prior to sending it to CHE 6 for sub- 
sequent transmission to STB 10, thereby providing ad- 20 
ditional security to the print data. 
[0087] Referring again to Figure 11, the rasterized, 
encrypted print data is sent from client application 15 to 
CHE 6 over the normal connection utilizing CPSI client 
16, IPP client 17, IPP server 19 and CPSI client 37, re- 25 
spectively. It should be noted that although a secure 
connection using SSL is not required in this embodi- 
ment, it may be used to provide additional security. CPSI 
spooler 20 of CHE 6 does not render the data because 
it is already rasterized but instead simply recognizes the 30 
destination information provided in a header section of 
the encrypted, rasterized data and then spools the ras- 
terized data for transmission to the appropriate sub- 
scriber. The encrypted, rasterized data is then sent form 
CHE 6 to STB 10 via CPSI client 38, IPP client 24, IPP 35 
server 25 and IPP server 39 respectively. Similar to the 
connection between client application 15 and CHE 6, 
this connection does not need to be secure through the 
use of. the SSL protocol, although it may be secure for 
additional protection. In this manner, CPSI spooler 26 40 
of STB 10 receives the encrypted, rasterized data from 
CHE 6. CPSI spooler 26 then decrypts the rasterized 
print data and then automatically sends the rasterized 
print data directly to printer 1 2 for printing, therefore pro- 
viding the subscriber with the confidential print data in 45 
a secure fashion. Unlike the embodiment described in 
Figure 9, this is accomplished even though CHE 6 is not 
a trusted environment by sending the print data from cli- 
ent application 15 to STB 10 in an encrypted, rasterized 
format, whereby CHE 6 is used as an interim server. so 
[0088] Figure 12 provides a flow chart which de- 
scribes the steps for accomplishing secure push-print- 
ing pursuant to the two embodiments described above. 
In step S1 201 , client application 15 generated print data 
related to a specific subscriber, such as a bank state- ss 
ment. Next, it-is determined whether or not CHE 6 is 
considered a trusted environment. (Step S1202). If CHE 
6 is a trusted environment, control proceeds to step 



S1203 in which it is determined if a secure connection 
can be established between client application 15 and 
CHE 6, as discussed above, jf a secure connection can- 
not be established between client application 15 and 
CHE 6, the print job is rejected in step S1 204. If a secure 
connection is established between client application 15 
and CHE 6, control proceeds to step S1205 in which 
client application 15 sends the print data in a device- 
independent format to CHE 6. CHE 6 then renders the 
print data in step S1206, as previously described, and 
spools the print data for transmission to STB 10. 
[0089] In step S1 207, it is determined if a secure con- 
nection can be established between CHE 6 and STB 1 0, 
as discussed above. If a secure connection cannot be 
established between CHE 6 and STB 10, the print job 
is rejected in step S1208. If a secure connection is es- 
tablished between CHE 6 and STB 1 0, control proceeds 
to step S1209 in which the rasterized print data is sent 
from CHE 6 to STB 10. Then, in step S1210, STB 10 
automatically passed the rasterized print data to printer 
12,. upon which printer 12 prints the rasterized print data 
(step S1216). 

[0090] Returning to step S1202, if CHE 6 is not con- 
sidered a trusted environment, control proceeds to step 
S1211 in which client application 15 rasterizes the print 
data and also encrypts the print data so that is may be 
sent to STB 10 via CHE 6 in'a secure fashion. Client 
application 1 5 sends the encrypted, rasterized print data 
to CHE 6 in step S1 21 2 with a header that indicates the 
destination information for the print data and which in- 
dicated that the print data has already been rasterized. 
In step S1213, CHE 6 obtains the destination informa- 
tion that was sent with the encrypted, rasterized print 
data, spools the encrypted, rasterized, print data for 
transmission to STB 1 0, and then transmits the encrypt- 
ed, rasterized, print data to STB 10. STB 10 then de- 
crypts the encrypted, rasterized print data in step 
S1 21 4, after which STB 1 0 sends the decrypted, raster- 
ized print data to printer 1 2 (step S1 21 5). Printer 1 2 then 
prints the rasterized print data in step S1216. 
[0091] Thus, whether or not cable head end 6 is con- 
sidered a trusted environment, confidential print data 
from client application 15 on the internet, such as a 
bank, can be sent in a secure manner from client appli- 
cation 15 to set top box 10 on a digital cable network 
through the cable head end 6 for automatic printing on 
printer 12 that is locally attached to set top box 10. In 
this manner, a subscriber on a digital cable network can 
automatically receive monthly billing statements or bank 
statements from a corresponding internet application 
maintained by the billing service or bank in a secure 
manner, thereby preventing misuse or improper access 
by others of the information contained therein. 

[REMOTE PLUG-AND-PLAY] 

[0092] The configurations described above for the 
present invention are provided to allow printing from cli- 
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ent module 14 to STB 10 via CHE 6, wherein the print 
data is formatted for printing on printer 1 2 either at CHE 
6 by CPS! spooler 20 or at the client application 15 of 
client module 1 4. In those configurations, the print data 
is generally provided to STB 10 in a rasterized format s 
required for printing directly to printer 12 without the 
need for utilizing a printer driver in STB 10. The utiliza- 
tion of a printer driver in STB 10 is necessary, however, 
when a user of STB 10 wishes to print locally, such as 
when printing a web page that the user is viewing on the io 
television to which STB 10 is attached. A printer driver 
in STB 10 would also be necessary in instances when 
print data is provided from CHE 6 to STB 1 0 in a device- 
independent format. In such situations, and in others not 
discussed herein, an appropriate printer driver corre- is 
sponding to printer 12 needs to be provided for use in 
STB 10. 

[0093] Depending on the capabilities of STB 10, a 
printer driver could be loaded in a variety of ways. For 
example, if the set top box has sufficient memory capac- 20 
ity, a number of printer drivers could be pre-loaded into 
the memory of STB 10 for several different printers. In 
the alternative, STB 10 may allow a floppy disk drive or 
CDROM, or the like, to be interfaced to STB 10 such 
that printer drivers could be accessed from a floppy disk 25 
or CDROM. 

[0094] In the set top box environment of the present 
invention, it is appreciated that a user may prefer to uti- 
lize the digital cable network in order to obtain and load 
a printer driver. Therefore, the present invention pro- 30 
vides a manner in which to provide a remote plug-and- 
play service whereby CHE 6 locates and provides an 
appropriate printer driver to STB 10 upon request by 
STB 10, thereby supporting the attachment of a local 
printer to STB 10. 35 
[0095] This feature of the present invention is de- 
scribed in Figure 1 3, which depicts a sequence of steps 
for accomplishing a preferred embodiment of the remote 
plug-and-play feature for supporting a local printer at- 
tached to STB 10. In step S1301, the subscriber plugs 40 
printer 1 2 into STB 1 0 via the interface provided by STB 
10 for printers. This interface may comprise a universal 
serial bus (USB), an RS-232 interface, or other printer 
connection. Next, in step S1302, STB 10 determines 
that a new printer has been plugged in and that STB 45 
does not have a printer driver corresponding to the new 
printer. This detection is achieved via hardware inter- 
face 31 and operating system 32 of STB 10. Client ap- 
plication 27 of STB 10 obtains an indication from oper- 
ating system 32 that a printer driver is. needed for printer so 
12. STB client application 27 then sends a request to 
CHE 6 to obtain a printer driver that corresponds to print- 
er 1 2. The request is sent from STB 1 0 to CHE 6 via the 
digital cable network, but not necessarily through the 
IPP protocol, because print data is not involved in this ss 
transaction. Therefore, it can be appreciated that any of 
the underlying transport protocols such as TCP/IP, may 
be utilized to send the request from STB client applica- 



tion 27in STB 10 to CHE application 22 in CHE 6 (step 
S1303). 

[0096] It should be noted that the request for printer 
driver from STB client application 27 preferably includes 
the information necessary to identify printer. 12, such as 
the manufacturer and model of printer 12. Next, in step 
S1304, CHE application 22 receives the request for 
printer driver from STB 10. CHE application 22 then ac- 
cesses preferences directory 21 to obtain hardware and 
operating system information which describes STB 10 
(step S1305). This information is necessary to deter- 
mine which type of printer driver should be obtained and 
sent to STB 10. For instance, the set top box may com- 
prise one of several currently available set top boxes, 
such as the Explorer 2000 by Scientific Atlanta, the DCT 
5000+ by General Instrument, and the Streammaster by 
Motorola. In addition, the appropriate printer driver must 
correspond to the operating system implemented in the 
set top box. For instance, the Explorer 2000 utilizes the 
Power TV operating system, the DCT 5000+ utilizes the 
WinCE operating system, and Streammaster utilizes ei- 
ther the MicroWare or the Open TV operating system. 
[0097] In step S1306, CHE application 22 obtains a 
printer driver that is appropriate for the r manufacturer 
and model of. printer 12 and for the hardware type and 
operating system of STB 10. CHE application 22 may 
obtain this printer driver from one of many sources. For 
example, the needed printer driver may already be 
stored in a memory of CHE 6 and accessible via prefer- 
ences directory 21 for another subscriber on the digital 
cable network. In the alternative, CHE 6 may have sev- 
eral printer drivers available in a memory device such 
as a hard drive, CDROM, or the like. In another alterna- 
tive, CHE application 22 may utilize internet proxy 5 to 
access world wide web 4 so as to obtain the necessary 
printer driver for STB 10, such as from the printer man- 
ufacturer's web site. Once the appropriate printer driver 
is found by CHE application 22, CHE application 22 then 
sends the printer driver to STB 10 via the digital cable 
network (step S1 307). As mentioned previously, any of 
the available transport protocols for communication be- 
tween CHE 6 and STB 10 may be utilized to download 
the printer driver from CHE 6 to STB 10. Once STB 10 
receives the printer driver, STB 10 loads the printer driv- 
er in local memory for subsequent use and registers the 
printer driver with operating system 32 of STB 10 for fu- 
ture reference (step S1308). 

[0098] In step S1309, CHE 6 obtains another printer 
driver for use by CHE 6 to send print data to STB 10. 
CHE 6 determines which printer driver to obtain for its 
own use based upon the information describing printer 
1 2 provided by STB 1 0 and based upon the type of hard- 
ware and operating system which comprise CHE 6. As 
described above, CHE 6 may obtain the printer driver 
from any one of several resources, such as world wide 
web 4. CHE application 22 updates preferences direc- 
tory 21 so as to record the new printer driver that corre- 
sponds to printer 12 for use by CHE 6 (step S1310). In 



13 



25 



EP 1 071 254 A2 



26 



this manner, CHE 6 maintains a printer driver which cor- 
responds to printer 12 so that CHE 6 may render print 
data appropriately the next time print data is provided 
from CHE 6 to STB 10 for printing on printer 12. In ad- 
dition, this feature of the present invention also provides 
an easy and transparent plug-and-play mechanism for 
the user of STB 10 to connect and utilize printer 12 to 
STB 10. 

[0099] It is emphasized that several changes and 
modifications may be applied to the above-described 
embodiments, without departing from the teaching of 
the invention. It is intended that all matter contained in 
the present disclosure, or shown in the accompanying 
drawings, shall be interpreted as illustrative rather than 
limiting. In particular, it is to be understood that any com- 
bination of the foregoing embodiments may be utilized, 
so that the specifics of any one embodiment may be 
combined with any of the other or several other embod- 
iments. 



Claims 

1. A method for the secure printing of print data from 
a client application residing on a data network to a 
set top box which has a printer, said set top box 
communicating with a broadcasting station for inter- 
facing a broadband network to said data network, 
said method comprising the steps of: 

generating print data in said client application; 
determining whether a secure communication 
path exists between said client application and 
said set top box; and 

transmitting, in response to a determination 
that said secure communication path exists, 
said print data from said client application to 
said set top box. 

2. A method according to claim 1 , wherein the broad- 
casting station is a cable head end and the broad- 
band network is a digital cable network. 

3. A method according to claims 1 or 2, further com- 
prising the step of sending said print data from said 
set top box to said printer for printing. 

4. A method according to claim 2, wherein the step for 
determining whether a secure communication path 
exists between said client application and said set 
top box includes the use of a secure protocol be- 
tween said client application and said cable head 
end, and between said cable head end and said set 
top box. 

5. A method according to claim 4, wherein the step for 
determining whether a secure communication path 
exists between said client application and said set 



top box further includes a confirmation through said 
secure protocol, that said cable head end is a se- 
cure location, and a confirmation, through said se- 
cure protocol, that said set top box is a secure lo- 
5 cation. 

6. A method according to claim 2, wherein the step for 
transmitting, in response to a determination that 
said secure communication path exists, said print 
10 data from said client application to said set top box 
includes sending said print data from said client ap- 
plication to said cable head end in a device-inde- 
pendent format, transforming said print data from 
said device-independent format to a rasterized tor- 
's mat which corresponds to said printer, and. then 
sending said print data in said rasterized format 
from said cable head end to said set top box for 
printing on said printer 

20 7. a method according to claim 2, wherein the step for 
transmitting, in response to a determination that 
said secure communication path exists, said print 
data from said client application to said set top box 
includes encrypting said print data, sending said en- 

2S crypted print data from said client application to said 
cable head end, sending said encrypted print data 
from said cable head end to said set top box, de- 
crypting said print data, and sending the decrypted, 
print data to said printer for printing. 

30 

8. A method according to claim 5, wherein said confir- 
mation that said set top box is a secure location is 
sent from said set top box to said cable head end. 

35 9. a method according to claim 5, wherein said confir- 
mation that said cable head end is a secure location 
is sent from said cable head end to said client ap- 
plication. 

40 10. A method according to claim 2, wherein the step for 
transmitting, in response to a determination that 
said secure communication path exists, said print 
data from said client application to said set top box 
includes transforming, by said client application, 

45 said print data from said device-independent format 
to a rasterized format which corresponds to said 
printer, sending said print data in said rasterized for- 
mat from said client application to said cable head 
end, and then sending said print data in said raster- 

50 jzed format from said cable head end to said set top 
. box for printing on said printer. 

11. A method according to claim 4, wherein said secure 
protocol is a secure sockets layer protocol. 

55 • 

1 2. A method according to claim 4, wherein the step for 
determining whether a secure communication path 
exists between said client application and said set 
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. top box includes the transmission of at least one 
certificate from said set top box to said cable head 
end and the transmission of at least one certificate 
from said cable head end to said client application. 

5 

13. A method according to claim 1, wherein the broad- 
casting station is a wireless network. 

14. A method according to claim 1, wherein the broad- 
casting station is a satellite broadcasting network io 
and the set top box mounts a broadcasting station 
tuner. 

15. A method for the secure printing of print data from 

a client application residing on a data network to a '5 
set top box which has a printer, said set top box 
communicating with a broadcasting station for inter- 
facing a broadband network to said data network, 
said method comprising the steps of: 

20 

generating print data in said client application; 
determining that a secure communication path 
exists between said client application and said 
broadcasting station upon receipt through a se- 
cure protocol of a confirmation from said broad- 2S 
casting station that said broadcasting station is 
a secure location; 

sending, in response to a determination that 
said secure communication path exists, said 
print, data from said client application to said 30 
broadcasting station in a device-independent 
format; 

transforming in said broadcasting station, said 
print data from said device-independent format 
to a rasterized format which corresponds to 35 
said printer; 

determining that a secure communication path 
exists between said broadcasting station and 
said set top box upon receipt, through a secure 
protocol, of a confirmation from said set top box 40 
that said set top box is a secure location; and 
sending, in response to a determination that 
said secure communication path exists, said 
print data in said rasterized format from said 
broadcasting station to said set top box. 45 

16. A method for the secure printing of print data from 
a client application residing on a data network to a 
set top box which has a printer, said set top box 
communicating with a broadcasting station for inter- so 
facing a broadcasting network to said data network, 
said method comprising the steps of: 

generating print data in said client application; 
transforming, in said client application, said ss 
print data from said device-independent format 
to a rasterized format which corresponds to 
said printer; 



encrypting, in said client application, said print 
data in said rasterized format; 
sending said encrypted print data in said ras- 
terized format from said client application to 
said broadcasting station; and 
sending said encrypted print data in said ras- 
terized format from said broadcasting station to 
said set top box. 

17. An apparatus for the secure printing of print data 
from a client application residing on a data network 
to a set top box which has a printer, said set top box 
communicating with a broadcasting station for inter- 
facing a broadband network to said data network, 
comprising: 

a program memory for storing process steps 
executable to perform a method according to 
any of claims 1 to 16; and 
a processor for executing the process steps 
stored in said program memory. 

18. Computer-executable program, said computer-ex- 
ecutable program including modules for the secure 
printing of print data from a client application resid- 
ing on a data network to a set top box which has a 
printer, said set top box communicating with a 
broadcasting station for interfacing a broadband 
network to said data network, said computer-exe- 
cutable program comprising program modules ex- 
ecutable to perform a method according to any of 
claims 1 to 16. 

19. A computer-readable medium which stores compu- 
ter-executable process steps, the computer-exe- 
cutable process steps to achieve the secure printing 
of print data from a client application residing on a 
data network to a set top box which has a printer, 
said set top box being arranged to communicate 
with a broadcasting station for interfacing a broad- 
band network to said data network, said computer- 
executable process steps comprising process 
steps executable to perform a method according to 
any of claims 1 to 16. 
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